Cyber Security for Travelers: How Not to Get Burned This Summer
Ready-to-apply tips for a cyber-safe summer holiday
It’s as summer as it can possibly be.
As the temperatures soar, the city streets empty more and more. These days there are fewer cars, fewer people, fewer reasons to be stressed.
Work is slow and out-of-office auto-responders are the norm.
You cannot help but daydream about your upcoming holiday, the one that you’ve been planning for so many months.
The wait is almost over, soon you’ll be burying your feet into soft, white sand. You’ll try some exotic cocktails, while posting enviable photos on your Instagram account.
…fast forward, two or three weeks later. The summer holiday is over and you’re back home. But your place is not quite as you left it. It’s actually the opposite. It’s ravaged. You were robbed.
How did the perfect holiday turn into the worst nightmare?
You end up fighting with your insurance company that won’t cover the damage, as they claim it’s your fault. You tipped off the crooks with your holiday social media updates and check-ins.
Though they might have seemed innocent and harmless at that moment, you basically gave burglars an open invitation to your place.
Does this seem like an extreme and unlikely situation?
Sorry to burst your bubble, it’s actually not that uncommon.
Scanning social media profiles to identify easy targets is one of burglars’ favorite tricks.
As the lines between online and physical life have blurred, your digital actions have real-life impact.
Crooks don’t take summer holidays. They don’t stop their attacks and go tanning on an exotic beach, while sipping cocktails decorated with umbrellas and pineapple slices.
But if you do plan on doing that yourself, let me first walk you through what you need to do not to get burned.
Here’s how to have a cyber-safe summer holiday:
What to do before leaving:
Watch out for scams with holiday offers
Motto: better be safe (even paranoid) than sorry.
Cyber crooks especially set their sights on the travel industry before holidays. Travelers’ hunger for special deals makes them easy targets.
You might think that you ran into a hidden gem, an extraordinary travel deal, one that you can only take advantage of right in this moment.
The odds are that it’s actually a trap and you’ll be left with no money or holiday to daydream about.
That’s why it’s essential to pay attention to the attachments you download and the links you click on.
Especially when you’re on your mobile phone, as it’s much harder to realize how legit the websites you ended up on really are.
Here are some red flags that you should watch out for so you don’t fall victim to phishing or malware attacks:
– Look at the sender, especially their name and email address. Do they match? Most scammers spoof the display name in order to appear to be from a brand, but the email is sent from a totally different domain. The domain can also have a slight variation in spelling that you can easily miss if you’re tired or trying to multi-task.
– Scammers are likely to play on your emotions or sense of urgency. They might include an urgent request, such as “respond today or you will miss this exclusive deal, exciting offer, gift deal, etc”.
– Beware of links when you don’t know where they lead. They might be short links or IP addresses. If you don’t know what’s on the other end of the link, don’t click on it. You can check them first with a tool that shows you where they redirect (here’s a list of such security tools).
– Don’t download any attachments. They might look like innocent .PDFs or .DOCs with holiday offers, but the odds are that they are hiding some nasty malware.
As a rule of thumb, if it’s too good to be true, it most likely is.
If you want to perfect your social scams detection skills, here’s an extended guide.
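The sender check from the first red flag above, sketched in Python as an added example (not code from the original article). The brand allow-list, the domains and the sample headers are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand as displayed -> domains it really sends from.
KNOWN_BRANDS = {
    "sunny travel": {"sunnytravel.example"},
    "blue sky airlines": {"blueskyair.example"},
}
ALL_LEGIT = set().union(*KNOWN_BRANDS.values())


def edit_distance(a, b):
    """Levenshtein distance; small values mean a near-identical spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def belongs_to(domain, legit):
    """True if domain is one of the legit domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit)


def is_lookalike(domain):
    """True if the last two labels are 1-2 edits away from a known domain.
    Simplification: real code would use the Public Suffix List here."""
    base = ".".join(domain.split(".")[-2:])
    return any(0 < edit_distance(base, d) <= 2 for d in ALL_LEGIT)


def check_sender(from_header):
    """Classify a From: header value."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return "invalid-address"
    domain = address.rpartition("@")[2].lower()
    claimed = [b for b in KNOWN_BRANDS if b in display.lower()]
    expected = set().union(*(KNOWN_BRANDS[b] for b in claimed)) if claimed else ALL_LEGIT
    if belongs_to(domain, expected):
        return "ok"
    if is_lookalike(domain):
        return "lookalike-domain"
    return "display-name-mismatch" if claimed else "unknown-sender"


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Sunny Travel" <offers@mail.sunnytravel.example>',
    '"Sunny Travel Deals" <promo@sunnytrave1.example>',
    '"Blue Sky Airlines" <win@cheap-flights.test>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):22} {header}")
```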
Protect your devices (laptop, mobile, tablet) with passwords
I had to learn this the hard way, after a soon-to-be-ex employee decided to mess with my laptop. A laptop I left unattended and without password protection.
Just a few weeks later, my accounts were breached and I lost all my work, only to discover that *someone* had installed a keylogger on my laptop.
Yeah, that was extremely stupid of me and I should have known better. You should know better. Learn from my mistakes!
Besides, it’s not much of a hassle to set a password for any existing device, no matter what operating system you have. So do it. Now!
Go, open Settings and set a password.
Not “abcd”, “1234”, “0000”, “1111”, “qwerty”, “password” or any other common password.
Not your name or surname, not your birthdate, your lover’s name or any other family member (pets included). Not your favorite band, song or quote. Come on, anyone can find out those just by looking at your Facebook profile or reading your blog.
I’m talking about setting a real password. A strong one. One that’s unique and hard to guess. A combination of upper- and lowercase letters, numbers and symbols.
Don’t write it down, memorize it.
And be careful of who’s sneaking up behind you and watching while you type it.
If you have the option to set a biometric authentication, that’s even better.
It’s true that we leave our fingerprints everywhere, but it doesn’t matter. The common enemy, such as vengeful ex employees or boyfriends/girlfriends, can’t replicate them easily.
Unless you somehow become the target of professionals, such as the spies living next door or hackers listening to weird music. In that case, I don’t know what you did to upset them and I don’t need to find out, but I can guarantee you that no passwords will save you.
Ok, now back to the real world. Set that password. For your laptop, your mobile phone, your tablet, your phablet. In case any of these ends up in the wrong hands or gets stolen, at least you’ll know you have a minimum security barrier.
Also, don’t forget to lock them when you’re not in the room. It’s better to be safe than sorry (like I was after I lost all my work because of that vengeful ex employee).
And if you want to read more about how I got hacked by my ex employee, the whole story is here.
Set in place any type of “Find my device” service
This one’s related to the previous point.
Make sure you have some sort of “find my device” tracking service installed and activated. Location must also be activated for it to work.
This way, in case your mobile or tablet ends up missing (either lost or stolen), you’ll be able to:
- Track it,
- Lock it,
- Delete everything on it immediately.
And change all your passwords as soon as you acknowledge the loss.
Bring (and keep) your software up to date
Yeah, I know, I also hate those annoying notifications prompting me to update whatever software. They’re intrusive and they’re interrupting me way more often than I’d like them to.
Before I started working with the Heimdal Security team I had no idea that cyber attackers embrace software left outdated. It’s one of their favorite tools.
Companies release those updates and patches for two main reasons:
- To introduce new features (major or minor),
- To fix security holes.
You might not care about those new features (I know I usually don’t), but you should care about the bugs.
Cyber crooks will always find new ways to exploit security flaws and attack users.
It’s a never-ending game. No matter how much work they put into a software or an app, software creators aren’t perfect. Their software isn’t perfect. And cyber crooks are inventive, they’re driven, they’ll always discover new security vulnerabilities.
Time for some scary data: did you know that 8 software apps make 99% of PCs around the world vulnerable to cyber attacks?
And by “vulnerable software” I’m not talking about some obscure apps that nobody has ever heard of or uses. I’m talking about the most popular apps, the ones we’re all using each and every day. Browsers, plugins, add-ons, desktop apps.
The top vulnerable software is:
- Browsers: Google Chrome, Mozilla Firefox, Internet Explorer, none of them is safe
- Browser plugins and add-ons: Adobe Flash Player, Oracle Java, Adobe Air, Adobe Reader, Adobe Acrobat
- Desktop apps
You don’t need to take it personally, as these attacks are usually automated.
But you do have to take those updates seriously from now on. Now that you understand how those attacks work, you don’t have any more excuses to ignore the updates.
And if you don’t believe me, let me introduce you to some top security experts: read what they have to say about the importance of software updates.
P.S. There’s a hassle-free solution to this problem: you can use a security tool that will keep those apps updated for you. The free version of Heimdal Security does exactly that, in a silent manner, without interrupting you.
Have multiple layers of security
Picture your digital possessions as a fortress. They should be surrounded with thick security walls. In case one line of defense falls, the others will still stand.
Protect your valuable assets with:
– A good antivirus software. I’m not going to give you any specific recommendations, as I haven’t tested them all. There are independent industry experts who do a much better job. However, here’s a research guide on how to choose the one that best fits your needs.
– A software that will keep you safe from the new generation of malware. The PRO version of Heimdal does that by scanning your incoming traffic and blocking any type of attack before it has the chance to do any harm. It will also block any of your data from “slipping” out and ending up in the wrong hands. It works as a complement to an antivirus.
– A password management software. Because it’s hard to remember all those random, unique passwords. A password management software will keep them safe and encrypted for you. My colleague wrote more about this in a security guide on healthy password management habits.
– A cloud storage service, for automatic backup. I’ll cover this one separately.
In case everything else fails, always have backup
Never say “this can’t happen to me”.
Just imagine if you lost your photos, private conversations, important and confidential documents.
How freaked out would you be? How much would it cost you? How much time would you lose?
An automatic backup is the ultimate safety net, but just as essential as the previous ones. It’s the only way to make sure that you don’t lose any important file or folder.
If your device is stolen or infected with any type of malware, an automated backup ensures that you don’t lose anything essential. And you’ll format it without feeling sorry for all those files left unsaved.
Give a second thought to what you write in the out-of-office auto-responder
Make sure that you don’t give away too much information through your email.
Things like when you expect to be back and alternative contact information in case of urgency are more than enough.
Financial security measures
Just a couple more things to check before you leave on vacation. These should be activated all the time, not just while you’re on holiday.
First, I hope you have activated 3-D Secure, the authentication method for payments that works as an extra layer of security.
Here’s an explanation from MasterCard on how it works:
Second thing to activate: the service that sends you text notifications for all payments over a certain amount of money.
If one of these doesn’t sound familiar, grab your phone, call your bank and ask them to activate it.
Ok, that’s about it. Now you can go on your summer holiday and leave worries behind.
While you’re away:
No public wi-fi
Now this is one of the mistakes I’m guilty of all the time (hey, I never said I was perfect!).
I know exactly how it feels when you discover a wonderful coffee shop. The mug lies in front of you, surrounded in this wonderful light, making it really easy for you to take the perfect shot.
You want to post it on Instagram or Facebook and make your friends jealous.
The mug is just a random example, you can replace it with a selfie, a great landscape, a cat photo, a Snapchat mask or anything else that makes you tick. Yes, I have a point here and I’ll get to it real quick, I swear.
Ok, so in order to post that perfect photo of yours, you need to connect to a wi-fi.
Here comes the tricky part. Don’t connect to that public wireless that your mobile just found. Be patient and wait for a secure connection. Or just use your own mobile data.
Public wireless networks are a threat to your online security.
Public wi-fis from the airports, coffee shops, restaurants? Insecure.
Next time you feel the urge to connect to one of those, keep in mind that any data that you transfer over it can be monitored.
It’s easy for someone with technical knowledge to track your online activity. They can extract your sensitive data: passwords, credit card details, private conversations, just to name a few.
Another scary statistic: a Wi-Fi attack on an open network can take less than two seconds! (source)
Make sure the connection is secure
Well, in case it’s inevitable and you absolutely MUST connect to a wireless network (I’m not the one to judge!), here’s how to make sure that it’s as safe as it can possibly be.
First of all, check if it is secured using WPA security (WPA2 is even better), instead of WEP.
How to do this: In Windows 10, go to Network Settings (from the taskbar) – Advanced Options – Properties. You’ll see there the type of security (WEP, WPA or WPA2).
On a Mac you’ll have to look under “Network preferences”.
Next, it should require a password; it shouldn’t be open for anyone to connect to.
Make sure that you’re connecting to legit networks, the ones provided by the owner, and not some scam versions with similar names. Pay attention to typos or any kind of misspellings.
You can also buy an annual subscription to a service that offers access to verified hotspots around the world (Boingo is one of them).
Another favorite scam to watch out for: fake hotspot registration pages. Those where you’re required to hand over your credit card information.
If you check all these, you’re free to post all the cat photos that you want.
Public PCs? Please don’t use them
Going further up on the scale of cyber security threats: public computers.
Experts are on the same page when it comes to public computers: steer clear from them.
They’re usually filled with malware and, most likely, everything that you type is being recorded.
If you absolutely must use a public PC, at least don’t connect to any of your important accounts. Leave financial transactions or emailing important confidential documents for some other time.
Instead, use your mobile phone to create a hotspot. Roaming plans have gone down in price over the past years (and will keep on doing so).
Try to stay only on secure websites that use SSL. Here’s how to recognize them:
– Look at the address bar at the top of the browser. Does it have a green lock on the left? That means your connection is private. You can right click on it to find out more details about it.
– Does the address start with “https” instead of “http”? The extra s is also a good security sign.
And make sure that you disconnect all your accounts at the end of the session.
Delete all saved data, such as downloaded files and cookies (do that from the browser’s settings).
Use a VPN
VPN is short for “Virtual Private Network”. It will reroute your traffic through an encrypted server and keep your online activity hidden from intruders.
Pay for a VPN service or use a known, well-established free one.
Most of them now also offer apps for mobile use, so they’re really easy to install and use.
Here are more details on how VPNs work.
Turn off wi-fi and bluetooth when you’re not using them
Turn these features off while you’re not actively using them.
Most laptops have a physical switch that you can use to toggle your wi-fi on and off. Flip it.
They’re also draining your battery (in case you didn’t find a plug to charge your device).
Stay safe on social networks
Back to where we started this article.
The lesson you should have drawn from that first story?
Never check in on your social networks. Never-ever.
As much as you’d want to brag about the lovely places and experiences from your vacation, wait until you get home.
There have been plenty of cases where burglars were tipped off that home owners weren’t home. They found out right from their Facebook profiles and decided to take advantage.
You should also know that you aren’t covered if this ever happens to you. Insurance companies see it as a public invitation for thieves to break into your house.
After you come back home:
Review and disconnect unknown sessions
Start with a tour of your most important accounts.
Review them all, look for any kind of weird activity going on, anything that you don’t recognize.
On your email account: check for filters and forwards that were set. See if there’s anything new going on.
Gmail also gives you the option to see last account activity and where else you’re logged in to your account. You’re able to see the location (mobile, browser, POP3) and IP address.
If you don’t recognize one or more of those active sessions, disconnect them and immediately change your password.
Activate two-factor authentication, if you haven’t done that already before leaving on holidays.
Facebook has a similar feature. Go to Settings and then to the Security tab. You’ll see there two important options:
- Your browsers and apps
- Where you’re logged in
Check them both. Disconnect any device or browser that you don’t use anymore or you don’t recognize. Change your password instantly if you see any unknown session.
Activate Login Approvals, if you haven’t done that already before leaving on vacation. That’s their way to double check your authentication.
Review your bank account(s) for any unknown transactions. Contact your bank immediately if there’s anything that you don’t recognize, no matter how small the amount of money.
At the risk of sounding like a broken record: be paranoid.
Concrete example: A person contacts you and claims they represent a hotel you recently visited or a car rental company. They say there was some sort of problem and ask you for your credit card information or to just click on a link to take care of the incident.
What do you do? Don’t trust them.
Tell them you’ll contact them back. Don’t reply to the same email or dial back on the same phone number. Instead, use the contacts listed on their official website.
Cyber attackers love holidays – all of them, no matter the season.
That’s because we tend to let our guard down and our attention span drops, we become easy targets. We help them increase their rate of success.
Don’t take a break from the healthy cyber security habits just because you’re on vacation.